Posted by Unknown Lamer on Thursday March 01, 2012 @01:46PM from the bad-movie-plot dept.

chicksdaddy writes with a tidbit from the RSA conference. From the article: "A panel of security and policy experts speaking at the RSA Conference in San Francisco on Wednesday said that, despite dire warnings about the information warfare capabilities of China and other developing nations, the risk of an all-out cyberwar is remote, and that the U.S. still holds many of the cards. Rather than trying to deliver a knock-out cyberwar capability, the U.S. should embrace the Cold War notions of containment and mutually assured destruction with advanced nations like China and Russia. Tried and true methods to win security from cyberattacks include international diplomacy, multilateral agreements that clarify the parameters for peaceful and hostile cyberactions and — of course — a strong offensive capability."

Cyber-war and cyber-security and cyber-whatever you want to call it is not like nuclear war. Cyber-warfare is happening now and governments responsible for it (and I'm sorry for sounding so biased but this is largely the Chinese) are denying they're attacking anyone. And they can do this because a large number of attacks don't cause immediate harm to the victims. Nobody was launching nuclear missiles (or allowing another nation to launch nuclear missiles on their soil) during the cold war and then saying "Wow, *cough* *cough* I have no idea who launched those missiles!" But time and time again we see "attacks" from Chinese IP addresses [slashdot.org] and the Chinese government saying "Help us catch these criminals, *snicker*, they are too wily for we, the stupid Chinese who manage to control our populace with a giant firewall but can neither detect nor trace these attacks from within our borders."

Old fashioned diplomatic horse trading will also be a critical tool for avoiding conflict and stemming the kinds of economic and military espionage that have become common in recent years.

As I stated above, I feel that the "economic and military espionage" is largely coming from one or two perpetrators. China will simply agree to everything, take the bargaining chip (whatever it is) from the US and then continue to play dumb.

In fact, the country's leaders are anxious to hear the opinions of U.S. policy experts on what an effective cyber war doctrine and policy should look like.

Right, right, "Excuse me, what are the rules so I know how to toe the line but still remain in good standing with the UN... er, screw them, the WTO?"

This gem was really humorous:

"We as a nation know what steps we need to take to reduce our risk in cyber space," said Lewis of CSIS. "We may not want to, politically, but we know what those steps are."

A hot topic of conversation now within policy circles, cyber war is likely to end up as just another weapon in the arsenal of the U.S., China and other advanced nations, said Lewis. "People will figure out how to use it."

People will figure out how to use it? Now get off your lawn? Buddy if you can't take the time to pick up the paper or turn on CNN and watch 15-year olds downloading point'n'click bots to be a part of Anonymous, you don't deserve the title of "Senior Fellow at the Center for Strategic and International Studies." Let me assure you, people do know how to use it. Ragtag groups of teenagers roving the globe can band together and effectively use it. I'm sure governments aren't as ignorantly bumbling to catch up like they want us to believe.

I'm sure governments aren't as ignorantly bumbling to catch up like they want us to believe.

Of course not. But publicizing the domestic use of drones over U.S. cities and Jay Rockefeller going balls-out to stifle internet free speech doesn't make for particularly good press. So they do this instead; it worked wonders for George Bush, Jr.'s career. Why mess with perfection?

If you agree with Darwin's definition, "good" == "fitness" == "the option to kill everyone else, either fast (usually violently), or slow (usually outbreeding them)". If you agree with that view, then it's absolutely not worse. In fact it's an absolute necessity to have this option.

If you agree with the philosopher's definition "good" == "whatever feels good", then it's really bad. Sadly, the philosophers' states, like in ancient Greece for example... did not surv

Those are not quite the fitness criteria I seek in a political representative. Though they're usually what I get.

The problem with our current "there is only one ideology... " approach is that it prevents people from even seeing the structure of alternative approaches, and what makes them tick.

I disagree. The problem, I think you'll find, is that the education level in society has been diminished. What society used to collectively know and have certainty about, it now lacks solid facts on which to base its conclusion. Everything becomes a matter of conflicting opinion as a result.

The other problem is that in "cyber war" there are no laws of physics to ensure that the rules of kinetic destruction apply. Certain targets can be practically indestructible. Basically MAD only works if both parties are horribly incompetent at computer security and plan to keep it that way.

Not only that, but with a nuclear bomb, you can see it coming. You can see where it came from. You know who sent it. And you can fire back appropriately. Chinese hackers can attend American colleges, and attack from our own soil, and we have no way of knowing where or who it came from, if they're really good at it, that is.

Something people really should start learning about espionage and computer security. If the enemy is really good, you'll never even realize there is an enemy. You'll just be outwitted miraculously at every turn in a conventional setting.

It'll look more like a Kasparov versus the neighbor kids chess game than anything else.

Yeah, that's pretty much it. There is no "cyber war" -- but there is state-backed industrial espionage.

And the problem with the way these people are thinking about it is that MAD is totally wrong. It isn't offense that you need, it's defense. Especially for the US: What "the enemy" is doing is sabotage and misappropriation of trade secrets on a massive scale. Even if you can manage to do the same thing to them, your infrastructure and trade secrets are more valuable than theirs. Which means that having the sam

In some ways, it almost sounds like a sales pitch. They need this pitch to get funding from congress so they can waste more taxpayer money. Oh and MAYBE do something about the situation. More than likely, it will just make things worse.
Unless, in the process of developing 'cyber-weapons', they realize that the best offense is a good defense....Pffffft.

Can you? All it takes is a few SRBMs disguised as shipping containers to pull up to a coast line near a major port and hit a few cities nearby to fucking devastate a country. They can simply be sunk afterwards. If you saw them, assuming you were even looking for them in the first place and had automatic detection capabilities, you'd have a few minutes of warning, max. You might be able to figure out where the ship launched from, but good luck figuring out which nationality was responsible for nuking you

Radiation signatures and other weapon characteristics such as estimated yield can often be traced to the point of origin. It might take some time though. The countries currently seeking atomic weapons would be committing suicide if they used them. Even if they succeeded in detonating one device in a large US city the retaliatory strike ability would not be impaired. One submarine carrying nuclear missiles has enough firepower to level the majority of the Middle East. One reason the US and Russia

It can be MAD in that at some point the rate of hostile traffic becomes so large you can't IDS it anymore and you don't know what to pass and what not to; at that point the victim cuts their losses and severs the line.

Trouble is if you're China doing all that manufacturing and sales to US business and we decide we have no choice but to black hole all your netblocks; well suddenly your economy grinds to a slow crawl as does ours.

So it is MAD but it's not exactly Cyber warfare specific anyway. It's simply the fact t

I envision ping -t attacks and Minecraft griefing. Possibly a World of Warcraft arena team to take out pesky Chinese farmers. Maybe the US government is going to get into EveOnline and is going to all out attack the Chinese players.

The distinction is drawn by the damage level. If the destruction is comparable with attack vectors classically associated with traditional warfare then that's when it crosses the line. For the most part, this doesn't seem to have happened yet.

You seem to be confusing cyber-espionage (which is happening) with cyber-war (which would involve disrupting most financial transactions, journalism, etc.). You wouldn't get a tweet that cyber-war started because that would be one of the first sites taken down.

The closest we've seen to cyber-warfare is the STUXNET virus; it went far beyond the capabilities of script kiddies running downloadable bots.

You seem to be confusing cyber-espionage (which is happening) with cyber-war

There can be a pretty fuzzy line between traditional espionage and war as well. For example, in the case of Stuxnet, it was accompanied by assassinations, all to take down what would be a valid military target in a war.

But time and time again we see "attacks" from Chinese IP addresses [slashdot.org] and the Chinese government saying "Help us catch these criminals, *snicker*, they are too wily for we, the stupid Chinese who manage to control our populace with a giant firewall but can neither detect nor trace these attacks from within our borders."

With no intent to excuse or defend the Chinese government, but isn't that pretty much the quid pro quo the US and the USSR/China have had for ages? I mean, if the situation was reversed, how qui

That's funny. It reminds me of a company I worked for, where the network architect thought it'd be a good idea to plug all the company's internet connections into a single Wellfleet. As I recall, after about the fourth time it went south and took the entire company offline, he was invited to resign.

The internet has already been destroyed as far as I am concerned. There was a brief moment in the early 1990's where the sky was the limit and useful content was relatively easy to find. Now it has devolved into an endless and mindless recycling of garbage, all 100% optimized to make it at or near the top of the search engine pages. Some of this recycling is even done by bots. A lot of it is done by humans plagiarizing the same crap over and over. Occasionally, after about an hour's work, useful content can

So far their best effort was to put laws over internet like ACTA, PIPA, and similar ones, and "pushing" other governments (like Spain, Canada or most of the European Union ones) to do the same. In this war, Han Solo shot first. Whatever comes next, would be like bombing over ruins.

You can't technically annihilate the Internet altogether, however you can render it completely useless for almost everyone, if you put enough "preventive measures" in place. The current atmosphere allows that, and they seem to have enough scaremongering tactics in reserve to accomplish this. After everything's in place, a "cyber-war" could give them enough pretext to effectively destroy the Internet as we know it. Depending on the regimes of the time, there is a potential that all sides of the war might ben

Three steps: Kill DNS, then start in with backhoes and anchors; there aren't THAT many backbones. Then change the access codes on the sats - boom! no internet. Even easier: talk the ISPs into closing their backbones to public traffic. The internet isn't NEARLY as decentralized as it should be. The only way to combat this is with a wide area wireless mesh. Every wireless peers its neighbor. Intercontinental traffic is still gone if the oceanic fiber is cut, but relatively localized networks will still be possi

One possible problem I see is that with VOIP so common these days (I read recently that AT&T is converting over to VOIP en-masse and closing down a lot of their GO facilities) you can't take out internet without also taking out phone service. I guess my question should be "how does one go about destroying *just* the internet?"

I might start with a few ships dragging anchors through the fiber to China. Follow it up with a few ships threatening the same to India if they route Chinese traffic over land. Of course, that would be treated like an act of war (it is), however, I don't see the Chinese as the protagonists on this, we don't attack their shit aggressively and constantly but their great firewall has the capability to stop outgoing attacks and they seem to not bother or even encourage it.

It would be relatively easy to drastically reduce or completely cut off China by physically destroying the network. They'd have to use operatives or proxies that were pre-located elsewhere on the planet, which takes their "there's billions of them!" advantage down most of the way.

Hell, half of Africa was shut off accidentally a couple days ago.

Anybody with any brains already has most of the Chinese netblocks killed at their firewall anyway. For my stuff, the Chinese are a zero signal to noise ratio. Know what else NOBODY NOTICED.

There's already a war going on, the Chinese host a lot of compromised machines and initiate a lot of attacks already.

Part of the problem with outsourcing all of our IT manufacturing is that we don't know what foreign agencies can kill with a single switch. It's only a part mind you, but enough that we in the US should be severely concerned with. No matter how good our hacking staff is, if the hardware they are hacking on is killed from a remote location.. well.. that pretty much ends the game.

If I were a Chinese intelligence expert tasked with meeting this challenge, I'd place my killswitch in the offload engine of network interfaces. Just have to get the chip fabs in China to switch their masks for slightly modified ones, with a tiny bit of extra circuitry on the silicon. It'd look for a specific sequence of 16 bytes in the packet (Putting it in the offload engine ensures it won't inadvertently break routers en route - at worst you'd knock out a web proxy instead) and, upon detecting them, short every data line on the PCIe interface to ground (or +5v) in the hope of frying the northbridge, or at least crashing the system. Now you've got a simple but effective killswitch. Good for exactly one major use before it's discovered and the trigger blocked, but one use should be quite enough - when the war goes serious, the ability to crash half the US internet will provide many hours of disruption. Enough to cover a first strike. Alternatively, it could be used to quietly fry the webservers of dissidents or proxies - so long as you don't try to hit too many at once, it'd look like nothing more than a failed mainboard and never be detected as a deliberate attack.

You could use it as an ECM system - respond to hacking attempts with a packet containing the kill-code - but if you do that consistently they'll eventually realise something is going on and start replaying packet dumps until they find the cause.

that would be mostly useless unless (A) every major firewall maker had additional secret code to ignore firewall rules and pass on the pingofdeathmk2 or (B) all your important targets were well known for internetting raw dog

You just need to get the bytes to the destination somehow. It doesn't have to be direct. You could just embed them into an image file and get all your targets to look, or embed them into your secret communications as an anti-interception measure.

Good plan but network cards are produced in America and Taiwan, not in China. They are then shipped to Foxconn's factories where they are assembled by low paid workers who have neither the equipment nor the skill to change the circuitry of an already finished chip.

Let's get this straight: CPUs are made by Intel and AMD in America. Motherboards and NCs are mostly made in Taiwan. Harddrives are made in America (Western Digital) and South Korea (Samsung).

As someone else showed, it does not take a lot in terms of logic. A network interface has to open packets, and a logic circuit to look for a specific string in a packet and die if it finds it, or worse simply repeats that packet on a broadcast to all known addresses can shut people down for a long time. A smidge more code, and we have the packet locked in a buffer so even after a power off/on the card no longer works.

Could China or Korea add such a chip to a NIC that is sold only overseas? Most likely, o

It sounds quite untrue. If they even have a reactor making medical isotopes (I don't think they do), it's not like it needs to be refueled every year. You don't use power reactors to make medical isotopes, AFAIK. Radiotherapy is not done directly at nuclear reactor (except for boron neutron capture which is rare) and medical isotopes can be shipped overseas - most of them are outside of North America I think. If they are making isotopes with a cyclotron, uranium is irrelevant. Bogus.

This one was (fortunately) in an unpopulated area of Russia or it'd have been bad casualty wise. As it stands it's believed to be the largest non-nuclear explosion. Caused by cyber-war/cyber-espionage:

Cold War 2.0 sounds like a great idea... ohhh wait...
"Tried and true methods to win security from cyberattacks include international diplomacy, multilateral agreements that clarify the parameters for peaceful and hostile cyberactions and — of course — a strong offensive capability."
And proxy wars (http://en.wikipedia.org/wiki/Proxy_war) to keep it "hot" enough... also the name fits better for the "cyber age" (puke).

It's funny that they always focus on offense when offensive capability is fleeting, costly and potentially dangerous to yourself*, and defense is vastly more powerful.

*found Apache exploit, keep secret as a "weapon" and hope the enemy (who can turn it back on you minutes after it's first used) isn't as smart, or release it to bolster both your and the enemy's defenses?

Rofl yeah that makes a difference. A vote. You must be clueless if you haven't realized that the status quo is maintained no matter which political party is in power. The "vote" makes no difference. The only difference would be if you ran for office yourself, and even then you get caught by international treaties which override your puny national vote. And if all else fails, the person in power can simply ignore your vote. All of the above has happened, and is happening right now.

Unless it includes an actual nuclear attack option at some escalated point, it's not really MAD. As painful as it is to lose the internet, and as much as it would harm our economy, etc; it could hardly be construed as total destruction of the nation.

"If you break our internet, we'll break yours" doesn't really carry the same weight as "if you break our internet, we'll nuke you into the oblivion."

If an attack does come from overseas, just turn off the pipes (power off whatever devices the physical undersea fibers connect to). The problem with this is that they are likely setting up a massive botnet within the target country that cannot be blocked by such a method. And we do see that the government tends to not care to shut down botnets [slashdot.org], even now.

Trivially, an attack can be stopped or at least contained by simply pulling the network plug. I can't envision a scenario where we'd "lose the internet". We might lose connectivity to some areas for awhile, but it's not like there's some timed self-destruct code buried in Cisco firmware that could be activated en-masse.

The routers won't self-destruct, but there are a lot of things hooked up to computers that can. It's very common to have industrial machinery that can be destroyed or destroy nearby things due to a software fault. Iran's centrifuges are a good example. Hydro dams, nuke plants, chemical refineries... There are lots of nebulous and hard to quantify opportunities, which is why politicians are thrilled to see this become popular.

I can easily imagine 'losing the Internet' if the shit hits the fan (and by the way, I work on Internet, telco and financial sector IP infrastructure constantly so I'm not completely ignorant of what I'm talking about).

Consider how much networking (and everything else) equipment is made in China, for example.

Is anyone looking for kill code in this hardware? No idea but I think that anyone who buys from a country that is as continually abrasive and invasive as China should assume that they're getting what t

Idiots like these are the main reason Americans are so vulnerable to online threats. I have written [slashdot.org] about why cyberwar is a false analogy, so mostly I will just repeat myself:

There is no warfare, it's just a new method of espionage.

There is no mutually assured destruction: cybersabotage is anonymous, thus you can't counterattack, and even if you could, an all-out attack would still not be enough for complete destruction. Cyberespionage is a slow game, to seriously disrupt a target infrastructure you would have to research it for years. And while you theoretically could try to collect vulnerabilities and then exploit them all at the same time in a single strike, it's not really feasible as systems get upgraded from time to time, and your collection would get obsolete after a while. In this conflict you have to grab an opportunity when you have one, a single devastating strike isn't practical.

Also, destruction in this sense is a huge exaggeration, you can't do serious (compared to a real war) harm from the internet.

The source of an attack doesn't have to be a nation, it can be anyone with an internet connection, which combined with anonymity makes diplomacy worthless.

The only true method that works is to secure your fucking systems, and run regular whitehat tests (or, in their words, "cyberwargames") to identify possible vulnerabilities.

we both have the same to lose. So if China decides that they can get by with just their intranet then deterrence doesn't work. Especially since the stakes for the US and rest of the world would be total economic collapse. Also concerning is the less one side understands about the technological concepts and repercussions the more likely either side is to start a cyber war. And we all know our decision makers are crack technologists. At least nukes mean the total end of the physical world, where no one is likely to exactly know what would happen if we erased the virtual one.

as to what policy think tanks or security professionals actually endorse the same concept that nearly murdered everyone on the planet throughout the cold war. and frankly, i don't blame them. MAD is a no-win outcome every time. if you don't believe me, pick a short wave radio and listen to the stations that still broadcast on Russia's "dead-hand" system. [wikipedia.org]
for those of us who insist turning the power off is good enough, and we're seriously considering MAD here, you can expect the cyber war drummed up by the war

Obviously, you could take out parts of an enemy's infrastructure using digital means, and that makes sense to create chaos during or before an attack and such. However, an exploit could just be usable one time in a very visible attack. Surely large countries may have a bunch of secret exploits against critical systems. However, after the attack the other side may recover, patch it, and potentially find the previous uses of it and what you did with it.